
I could crack my WEP yesterday but not today?

Hi Community
I have used both BT3 and BT4, and I have cracked my own WEP twice in the same evening. Feeling pleased with myself, I closed the PC and went to bed. The next day, trying to show my friend how unsafe WEP is, I could not repeat the process. On the aireplay-ng console the data was staying at 0, thus there were no IVs for aircrack-ng to work with. As far as I know I have not done anything different to the first couple of times that I cracked my WEP. I had a problem with my AWUS036H not being able to inject packets in BT4; that did not prevent WEP cracking, just made it slower, but that was solved when I updated BT4.
Here are the steps I follow:
root@bt:~# airmon-ng

wlan0 RTL8187 rtl8187 - [phy0]
(monitor mode enabled on mon0)
An additional question would be: from now on, which interface should I use, wlan0 or mon0? I have used both and still get the same problem. I have read that I should use mon0, but could someone confirm that? Or does it not make a difference?

When I now use airodump-ng -c -w bssid wlan0 to fix on an AP, I get the fix but the data stays at 0. When I first cracked my WEP this went into the 1000s straight away.

When I use aireplay-ng -1 0 BSSID -h 00:11:22:33:44:55 wlan0 to do a fake authentication, things are normal.
aireplay-ng -3 -b BSSID -h works, but has got no data to work with...
and thus aircrack-ng also has nothing to work with.
This is how I cracked my own WEP twice the first time, and it's what I did the following day, and nothing. So I don't understand what the problem is.
I run BT4/BT3 on VMware Player on a Vista Home Premium 32 host.
I get this problem in BT3 and BT4.
I hope someone can point me in the right direction.
Thanks for your time
kwisj

Re: I could crack my wep yesterday but not today?

I'm new to this but I've done a crap load of reading and testing and I think I can help you out here...

Firstly, you must use mon0. Do not use wlan0. EDIT: On further reading I'm not so sure now if you must; however, you will save yourself a lot of confusion by just using the same one all of the time (mon0).

I think I can see a few problems in your commands. Firstly, in airodump-ng you've used the -w syntax but have not specified a filename. You also used -c but have not specified a channel. You also have bssid, but that should be --bssid <AP MAC>. But as I understand it, using --bssid is not essential, it is just a filter.

It is also a good idea to specify a channel when starting the interface in monitor mode, i.e. airmon-ng start wlan0 11 (if your target AP is running on channel 11). Then specify that same channel in airodump-ng using the -c syntax.

I've only been at this for 2 days now (I knew practically nothing of Linux before) but I think I'm getting the grasp of things. A good tutorial I found was simple_wep_crack [Aircrack-ng]
I'd also recommend reading the documentation for the aircrack-ng suite to get a better understanding of what is going on when you use those options.

Last edited by LlamaLlamaLamp; 10-12-2010 at 07:43 AM.
Reason: Clarification